Closed
Description
Rob Winch opened SPR-13614 and commented
It would be ideal if Spring Framework provided a transparent way to support x-forwarded headers similar to Tomcat's RemoteIpFilter. This would provide an application container independent way of supporting x-forwarded headers.
Admittedly, #14743 added support for this. However, this is not ideal because the framework and users must leverage the newly added APIs explicitly. Furthermore, always interpreting the request using x-forwarded- allows forging the address so users should really opt in for this (i.e. by adding a Filter).
Affects: 4.2.2
Issue Links:
- Add support for X-Forwarded-Host in ServletUriComponentsBuilder [SPR-10110] #14743 Add support for X-Forwarded-Host in ServletUriComponentsBuilder
- SEC-2792 HeaderChecks not applied to Load Balanced https originated redirects
- SEC-2898 Use ServletUriComponentsBuilder.fromRequest for URL creation
- ForwardedHeaderFilter could support X-Forwarded-Prefix as well [SPR-14270] #18842 ForwardedHeaderFilter could support X-Forwarded-Prefix as well
Referenced from: commits 6fcc869, 36e2dd9, 4cf0b59
0 votes, 5 watchers